www.bluewin-ch.eu
212.227.172.249
Malicious Activity!
Public Scan
Effective URL: https://www.bluewin-ch.eu/
Submission: On June 13 via automatic, source openphish
Summary
TLS certificate: Issued by GeoTrust RSA CA 2018 on June 10th 2019. Valid for: a year.
This is the only time www.bluewin-ch.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swisscom (Telecommunication)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 2 | 212.227.172.249 | 8560 (ONEANDONE-AS Brauerstrasse 48) |
8 | 195.186.196.30 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd) |
21 | 3 | |
ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: 212-227-172-249.elastic-ssl.ui-r.com
www.bluewin-ch.eu |
ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH)
login.sso.bluewin.ch |
 | Apex Domain: Subdomains | Transfer |
---|---|---|
8 | bluewin.ch: login.sso.bluewin.ch | 219 KB |
2 | bluewin-ch.eu (1 redirects): www.bluewin-ch.eu | 3 KB |
21 | 2 | |
 | Domain | Requested by |
---|---|---|
8 | login.sso.bluewin.ch | www.bluewin-ch.eu |
2 | www.bluewin-ch.eu | 1 redirects |
21 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.swisscom.ch |
login.sso.bluewin.ch |
Subject | Issuer | Validity | Valid |
---|---|---|---|
bluewin-ch.eu | GeoTrust RSA CA 2018 | 2019-06-10 - 2020-06-09 | a year |
login.sso.bluewin.ch | SwissSign EV Gold CA 2014 - G22 | 2018-03-21 - 2020-03-21 | 2 years |
This page contains 1 frames:
Primary Page:
https://www.bluewin-ch.eu/
Frame ID: F22E1ADA4CB95C3B54F7F20D04599CB0
Requests: 21 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
TweenMax (JavaScript Frameworks)
Detected patterns
- env /^TweenMax$/i
Modernizr (JavaScript Libraries)
Detected patterns
- env /^Modernizr$/i
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
- Title: Jetzt gratis E-Mail Adresse erstellen
- Title: Fragen zum Thema E-Mail
- Title: Benutzername oder Passwort vergessen?
- Title: Mobile ID nutzen
- Title:
- Title: Swisscom Login
- Title: fr
- Title: it
- Title: en
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.bluewin-ch.eu/
HTTP 302
https://www.bluewin-ch.eu/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | www.bluewin-ch.eu/ | 10 KB | 3 KB | Document | text/html |
GET | H/1.1 | sdx.min.css | login.sso.bluewin.ch/resources/sdx/css/ | 307 KB | 39 KB | Stylesheet | text/css |
GET | H/1.1 | nwmain.css | login.sso.bluewin.ch/resources/styles/ | 10 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | webmail.png;jsessionid=0655CD31208E6A7A51D512C10014B514 | login.sso.bluewin.ch/resources/images/relying-party/ | 562 B | 1 KB | Image | image/png |
GET | H/1.1 | all.js | login.sso.bluewin.ch/resources/scripts/ | 103 KB | 35 KB | Script | text/javascript |
GET | H/1.1 | critical.js | login.sso.bluewin.ch/resources/scripts/ | 17 KB | 7 KB | Script | text/javascript |
GET | H/1.1 | sdx.min.js | login.sso.bluewin.ch/resources/sdx/js/ | 339 KB | 92 KB | Script | text/javascript |
GET | H/1.1 | Logo_Lifeform.png | login.sso.bluewin.ch/resources/images/ | 3 KB | 4 KB | Image | image/png |
GET | | TheSansB_400_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | H/1.1 | lifeform-spritesheet.png | login.sso.bluewin.ch/resources/sdx/images/ | 38 KB | 38 KB | Image | image/png |
GET | | TheSansB_600_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | TheSansB_300_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | sdx-icons.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/ | 0 | 0 | | |
GET | | TheSansB_400_.woff | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | TheSansB_600_.woff | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | TheSansB_300_.woff | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | sdx-icons.woff | login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/ | 0 | 0 | | |
GET | | TheSansB_600_.ttf | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | TheSansB_400_.ttf | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | TheSansB_300_.ttf | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
GET | | sdx-icons.ttf | login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.woff2
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_600_.woff2
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.woff2
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/sdx-icons.woff2
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.woff
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_600_.woff
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.woff
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/sdx-icons.woff
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_600_.ttf
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.ttf
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.ttf
- Domain: login.sso.bluewin.ch, URL: https://login.sso.bluewin.ch/resources/sdx/fonts/sdx-icons/sdx-icons.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swisscom (Telecommunication)
82 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| handleSelect boolean| Ba object| webfont object| WebFont object| PubSub object| __core-js_shared__ object| Modernizr function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| flatpickr object| _gsQueue object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| TweenMax function| TimelineLite function| TimelineMax function| BezierPlugin function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup object| sdx
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.sso.bluewin.ch
www.bluewin-ch.eu
login.sso.bluewin.ch
195.186.196.30
212.227.172.249